In today's newsletter, you said that there are active botnets and infected
machines on the internet that are tirelessly searching for unprotected
machines. Upon finding one, they will gain entry and install malware.

Since I feel the constitution allows me to ask one inane question a day,
this is it: Why? Why do these scums of the earth want to infect simple,
personal computers with some type of virus or malware?

I can understand that there may be ways to get personal information and
items like that, but I don't understand why dirtballs try to infect computers
with a virus just so said computer crashes or doesn't run correctly. So again,
why would they want to do this stuff?

•

In this excerpt from
Answercast #9, I explore the reasons hackers work so tirelessly to hack into
computers and wreak havoc in the internet world.

•

Spam, bots, and viruses

Why do hackers hack?

Yeah. It's interesting. Over the years, it's changed. In the early years (and
I'm talking 50-20 years ago, at the dawn of the internet), hackers hacked
simply to prove that they could; to show how cool they were, for bragging
rights. The people who could take down the machines were the coolest (or
whatever).

Lately, however, and you've alluded to it in your question, the nature of
malware has changed dramatically. Malware has become less destructive.

Don't kill the patient

In other words, if malware crashes your machine, it's typically an accident.
The malware was poorly written, and the crash was not necessarily intentional.
That's not what the malware was designed to do.

What malware is trying to do, these days, is typically two things.

1. Information theft

They install software that somehow captures your information through
keyloggers or activity loggers (as you alluded, to steal your identity, steal
your banking information, steal whatever). They're basically trying to get
information that the hacker can then turn around and sell.

2. Spread botnets

The other thing that they're trying to do is install software onto your
machine that you don't notice is there. You don't know your machine is
infected, but it is infected; it becomes a zombie; it becomes part of a botnet.
What ends up happening is your machine gets used to send spam email.

The only thing you might notice is that perhaps your machine is a little bit
slower, but the fact is there's software running in the background that is
responding to requests from some other controller on the internet that says,
"OK, now here's a list of email addresses. Go send this message to all of these
email addresses."

The reason spammers do that is that it allows them to distribute their
spam attack across thousands, even hundreds of thousands, of machines around the
internet. That means that blocking spam is no longer as simple as just blocking
an IP address. Spam is now coming from hundreds of thousands of IP addresses
all around the internet.

Are you infected?

If you're infected, one of them could be yours.

So, in reality, most malicious software these days comes down to money. The people behind it are either:

Trying to gain information from your computer (that they can then
turn around and sell for identity theft), or

Trying to hijack your machine (setting up botnets so they can turn
around and send spam and try to sell whatever it is spam tries to sell).

Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions.

As an I/T professional, on a regular basis I see greed expressed in a different way. Malware contains (we've all seen this) an app which starts pretending to scan and suggesting the computer is infected. Of course, this is the direct way to mine CC info, as their "product" is already there and waiting to "clean things up." At a minimum, you've approved the original purchase amount, though no one ever gets anything in return.

Steve Barker
April 17, 2012 11:29 AM

I receive spam from out-of-nowhere email addresses that purport to be selling major brand names.

Do the major brands support this tactic or are the spammers phishing? I have never clicked on a link in one of these spam emails.

Geraint Duck
April 17, 2012 11:38 AM

Should "That's what the malware was designed to do." be "That's NOT what the malware was designed to do."?

W Allen
April 17, 2012 11:54 AM

Michael brought up what I consider to be the most malicious of the common programs I see today.
I too work in IT and have cleaned several machines that contracted this nasty bug.
It, in my opinion, is full-fledged blackmail and illegal, holding the individual's computer hostage until either A: you pay them to remove what they put on your computer,
or B: you contact your friendly PC nerd to remove it. I have found that the boot scan in Spybot (run under Admin) does a fairly decent job unless this has mutated already again. I always get angry when I see this and think these people should be held legally accountable.

Mark J
April 17, 2012 11:59 AM

@Steve
This kind of spam, purportedly advertising major name brands, is in most cases, pushing counterfeit versions of these brand name products or in a few cases, resellers selling the real thing. They are never condoned by the companies which make the original products.

Mark J
April 17, 2012 12:04 PM

@Geraint
You're right! Thanks. It's fixed now.

Reuben
April 17, 2012 5:13 PM

2.) To spread SPAM..
You mean to say that hackers nowadays are businessmen trying desperately to sell their products via email? Or are hackers working for businessmen trying desperately to sell their products via email? We all know that SPAM are just annoying messages (that don't deserve to be clicked on) but I guess there are still some people who are ignorant of SPAM and believe it's the real deal.

The majority of hackers are trying to make money by various means. And yes that often means trying to sell products or fake products via email. It doesn't take many sales to make it a cost-effective approach.

17-Apr-2012

Rod
April 18, 2012 9:29 AM

Great article. I too have fixed many computers over the years. The worst virus for me at the time was Klez. Now it's spam and malware, and what Leo says is correct: it's all about money nowadays.

Engineer10388
April 22, 2012 10:36 AM

A friend who uses the same ISP had their PC infected and subsequently used in a denial-of-service attack and to broadcast malware/spam. Some time later I found my email being blocked by corporate recipients, allegedly for "spam" or other such activity, but I run behind a router, use a top-rated security suite, very strict PC security settings, and great caution regarding any links or email attachments. Apparently my ISP randomly assigns IP addresses and as they rotated around I had gotten the same one my unfortunate friend had used while infected. I had to apply to get on what I think the security source called a whitelist (not sure), in order to remove the block. I even update malware definitions and run a quick scan at the end of each browsing session and you would be amazed at the number of *tracking* cookies placed by reputable sites.

Mike Shaw
April 23, 2012 12:43 PM

I do not doubt you are correct in most cases. But there will also always be a few who just want to destroy things. They are probably the same ones who throw bricks through store windows and destroy tombstones in cemeteries.
